(Pursuant to EU Regulation 2016/679, the “GDPR”)
The present policy describes the processing of personal data and is provided pursuant to articles 13 and 14 of EU Regulation 2016/679 (hereunder, the “GDPR”) and to applicable Italian laws and regulations on the privacy and protection of personal data.
1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller shall be Angelini Holding S.p.A. with registered offices in Viale Amelia, 70 – 00181 Roma, tax identification (codice fiscale) 00459650586 and VAT n. 00898181003 (hereunder, “Angelini” or the “Data Controller”).
The Joint Controller shall be Eurosearch Consultants S.R.L., with registered offices in C.so Vittorio Emanuele II, 98, 10121 Turin, Italy. VAT n. 11103330152, AUT. MIN. PROT. n. 5748 of 23/02/2007, registered with the Turin Company Registry with R.E.A. n. TO-801810. In accordance with the provisions of the joint controllership agreement pursuant to art. 26 of the GDPR executed by the joint controllers, Angelini shall be the point of contact for data owners and shall be required to respond in case the latter exercise their rights, pursuant to articles 15 et. seq. of the GDPR.
Angelini is holding company of the Angelini Group, to whose affiliates it also provides management services and implementation of staff training programs.
Eurosearch is an executive search and leadership consulting company regularly registered with the Ministry of Welfare, and operates in full compliance with its professional code of ethics and with the Best Practices of the AESC. It carries out its human resource search, selection and consulting activities pursuing fairness in treatment of genders pursuant to Laws 903/77 and 125/91 and to applicable laws and regulations, and recognising and respecting diversity in terms of religion, race, ideology and culture.
In case the Data Controller makes use of Processors and Sub-Processors in the processing of data pursuant to art. 28 of the GDPR, the updated list thereof will be held at the registered offices of the Data Controller.
2. WHAT TYPES OF PERSONAL DATA WE MAY PROCESS
The type of personal data we may collect depends on the purpose for which it is collected.
In general, we may collect the following types of personal data:
- Personal contact details, including but not limited to name, surname, email address, profession, address, phone number;
- Personal data directly delivered through communication or attachments to communications (for example bank details, company details);
- Particular categories of data pursuant to art. 9 of the GDPR: for example, data connected to “protected categories” in Italy;
- Usage, viewing or technical data, including the identification of the device or IP address of the user, the moment in which the user visits the website, the URIs (Uniform Resource Identifiers) of resources requested, time of request, method used to submit the request to the server, the size of the file obtained in reply, the number showing the status of the reply by the server (completed, error, etc.) and other parameters on the operating system and IT environment of the user;
Hereunder, “Personal Data”.
3. WHY WE PROCESS PERSONAL DATA AND ON WHAT LEGAL BASIS
The processing of Personal Data by the Data Controller shall take place:
Without specific consent (art. 6 letter b) to f) of the GDPR), for the following purposes:
- Executing agreements with the Data Controller;
- Complying with pre-contractual, contractual and tax obligations originating from existing relationships;
- Complying with legal, regulatory or EU obligations or with an order issued by an Authority;
- Pursuing the legitimate interest of the Data Controller or of third parties, unless your interest or your fundamental rights and freedoms requiring the protection of personal data prevail. More specifically, such legitimate interest of the Data Controller shall be identified in the optimal coordination and enhancement of the search, selection and consulting activities of its network of executive search and leadership consulting firms.
4. HOW LONG DO WE KEEP YOUR PERSONAL DATA
Your Personal Data shall be processed by the Data Controller only for the time needed for satisfying the purpose of processing, as stated above in article 3, after which it will be held exclusively for compliance with applicable legal and regulatory obligations, for administrative purposes and/or to exercise or defend our rights, and in any case no longer than for the time set out for the prescription of such rights.
5. HOW WE PROCESS YOUR PERSONAL DATA
Personal Data is subject to both physical and electronic and/or automatised processing by the Data Controller or by subjects that are duly authorised and/or appointed for such duties and are clearly identified and/or named, properly instructed, and informed of legal and regulatory limitations. Processing shall take place through the use of suitable security measures that can guarantee safety and confidentiality and can avoid risks of loss or destruction, unauthorised access, unauthorised processing or processing that does not comply with the purposes listed above.
6. TO WHOM WE MAY COMMUNICATE YOUR PERSONAL DATA
For the purposes listed above, your Personal Data may be made accessible or communicated:
- To staff and consultants of the Data Controller in their position as authorised Processors, within the scope of their duties and in compliance with the instructions received. Such individuals are in any case subject to compliance with confidentiality and privacy obligations;
- To third parties who carry out activities outsourced by the Data Controller, who are assigned with specific activities, or parts thereof, that are functional to the delivery and distribution of services offered through the website (eg. hosting companies, programmers, systems specialists and database administrators, technical assistance centres, Internet and telecom operators) or whose activities are connected to, instrumental to or in support of the activities of the Data Controller (eg. cloud-based ERP and/or marketing software);
- To any public and/or private subject, physical and/or legal person (legal, administrative or tax consultants, credit recovery firms, Judicial Offices, Chambers of Commerce, Chambers of Labour, etc.) if such communication is necessary or functional to proper compliance with contractual obligations and/or legal and regulatory obligations;
- To any subject (including Public Authorities) that may be granted access to personal data by way of legal or administrative orders;
- To SHL and SDA Bocconi for purposes of the selection process for the Angelini Future Leaders Project.
In any case, your Personal Data shall not be sold or transferred to third parties for marketing purposes and shall not be publicly disclosed.
7. TRANSFER OF PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA (EEA)
The management and storage of your Personal Data shall take place in Europe. It is understood that where necessary, the Data Owner shall be entitled to have your Personal Data Processed outside of the EEA. In such case, the Data Controller guarantees that the transfer outside of the EEA shall take place in compliance with applicable legal and regulatory obligations, where necessary entering into agreements that guarantee an adequate level of protection and/or implementing standard contractual clauses as provided by the European Commission.
Neither this website nor the Data Controller intentionally collect Personal Data referring to minors. In compliance with applicable laws, the parents or legal tutors must provide consent for the collection of Personal Data of minors. In case Personal Data of minors is involuntarily recorded, the Data Controller shall erase it immediately on request of their parents or legal tutors.
9. YOUR RIGHTS
Pursuant to articles 15 et seq. of the GDPR and of applicable national regulations in terms of privacy and protection of personal data, you are entitled to:
1) Obtain confirmation from the Data Controller that your personal data is being processed, and obtain access to your personal data and to the following information:
- Purposes of processing;
- Categories of personal data involved;
- Subjects or groups of subjects to whom data may be communicated, in particular if they are in other countries or international organisations;
- Where feasible, the expected period of filing of the personal data, or if not possible, the criteria used to set out such period;
- Existence of the right of the interested party to ask the Data Controller for the correction or deletion of personal data or for a limitation in processing of personal data concerning them, or to object to the processing thereof;
- The right to lodge a complaint with the supervisory authority;
- If the personal data is not collected from the data owner, all of the information on its origin.
2) Obtain from the Data Controller a correction to the inexact personal data concerning them without undue delay. Keeping in mind the purpose of processing, the Data Owner is entitled to obtain the integration of incomplete personal data, also by delivering a statement.
3) Obtain from the Data Controller the deletion of personal data concerning them without undue delay, and the Data Owner is required to delete without undue delay such personal data with the limitations and in the cases provided by applicable laws and regulations.
4) Obtain from the Data Controller a limitation to processing.
5) Obtain in a format that is structured, commonly used and legible from an automatic device the personal data that concerns them from the Data Controller, and has a right to data portability and therefore to transmit such data to another Data Controller without impediment on behalf of the Data Controller to whom they have delivered it if the processing is based on consent or on a contract, and the processing is carried out with automatised means.
6) Object at any moment, for reasons connected to their specific situation, to the processing of personal data that concerns them.
7) If you consider that your rights have been breached by the Data Controller, submit a complaint to the supervisory authority: Autorità Garante per la protezione dei dati personali (Piazza Montecitorio 121, 00186 Roma (Italy) - www.garanteprivacy.it) and/or to another competent supervisory authority pursuant to the GDPR.
Subsequently to the exercise of rights pursuant to points 2), 3) and 4), the Data Controller shall advise each of the recipients to whom the personal data was sent of any amendment or cancellation or limitation to the processing, within the scope and in the forms set out by applicable laws and regulations.
To exercise the above rights, please contact the Data Controller Angelini Holding, addressing its request to its Data Protection Offier (DPO) [Viale Amelia, 70 00181 Roma (Italy) - email@example.com].